CVE-2021-30952
CISA KEV
Published March 5, 2026 · Updated April 3, 2026
What This Means
# CVE-2021-30952 Technical Summary
An integer overflow vulnerability in Apple's WebKit engine (used by Safari, tvOS, macOS, iPadOS, and watchOS) allows attackers to execute arbitrary code by serving maliciously crafted web content. The flaw occurs during memory handling in WebKit's processing routines, bypassing memory safety protections.
Update to patched versions immediately: macOS 11.6/12.0.1+, iOS/iPadOS 15.1+, tvOS 15.1+, and watchOS 8.1+. If patching is delayed, disable JavaScript as a temporary mitigation.
Official Description
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
Affected Products
| Vendor | Product |
|---|---|
| Apple | Multiple Products |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2021-30952.